Real Releases Fixes to Media Player Flaws

RealNetworks updates its fixes to several remotely exploitable buffer overruns in its media players.

RealNetworks Inc. this week released updates that fix several remotely exploitable buffer overruns in its media players.
The company has been working on the fixes for several weeks after a security researcher discovered the vulnerabilities and alerted RealNetworks to the problems. Several earlier attempts at fixing the flaws failed to solve all of the problems.
The vulnerabilities affect the RealOne Player and RealOne Player v2 for Windows, RealOne Player for Mac OS X, RealOne Enterprise Desktop Manager, and RealOne Enterprise Desktop.

Mark Litchfield, of Next Generation Security Software Ltd., in England, discovered most of the vulnerabilities and worked with RealNetworks on testing the fixes.

The company said that it had not received any reports of successful attacks against any of these vulnerabilities.
One of the vulnerabilities occurs when a user clicks on a link to a SMIL (synchronized multimedia integration language) file. The RealOne software attempts to automatically download and play the content. But if an attacker supplied an overly long parameter within the SMIL file, this would cause a heap overflow in Realplay.exe.
A second vulnerability results when a user tries to download and play a file with an overly long file name parameter. When the user tries to play the file, a heap overflow occurs.
A third problem lies in the way the players handle some overly long file names. If a user downloaded such a file and then right-clicked in the "Now Playing" field and selected "Edit clip info" or "Select copy to my library," it would cause a stack overflow.
The new releases also fix five other buffer overruns that Litchfield discovered during his tests on the RealOne software.
The updates are available here.